Conventional security technologies used to monitor computing systems and/or computing networks, such as firewall or intrusion detection systems, typically generate massive amounts of data. To identify any attacks or unauthorized activity, a system administrator must sift through all of the data and validate that the data is identifying a meaningful and unauthorized attack, and/or interpret and prioritize the attack. Doing so is time-consuming, labor-intensive, and expensive. It is with these concepts in mind, among others, that various aspects of the present disclosure were conceived.